
Security software can cause unwanted conflicts with iTunes on a Windows PC: security software does not always recognise iTunes as a friendly application, and may block it from restoring or updating. This article explains how to disable security software, even if you don't know what you have on your computer. The first step is to click on the …

Security software does not always recognise iTunes as a friendly application, and may block it from restoring or updating.

This video explains how to disable security software, even if you do not know what you have on your computer.

The first thing to do is click on the Start menu and, in the search box at the bottom, type msconfig.

Once the window comes up, go to Selective startup and untick Load startup items.

Then go across to the Services tab, tick Hide all Microsoft services, and click Disable all.

Go across to the Startup tab.

Look for anything that represents iTunes or Apple and enable those.

Once you're done, click Apply and then OK.

It should then prompt you to restart the computer.

Now that the computer has restarted, go back to the Start menu and type msconfig one more time.

Once the window comes up, go across to the Startup tab.

Look for anything that was unticked previously and has now re-ticked itself.

In my example it is Kaspersky Anti-Virus. Once we've identified what we need to get rid of, go to the Control Panel.

It's probably simpler if you change the view from Small icons (top right corner) to Category view; that way you can go down to Uninstall a program. Once the list of programs loads, find the security software that had re-ticked itself, as we just saw.

In my example that was Kaspersky Anti-Virus. Once you uninstall this software, you'll be free to use iTunes without any risk of the security software blocking that connection. Simply follow the prompts provided to uninstall the software, and if you have any questions or queries regarding how to do that, refer to the software's website. Once iTunes is working, return msconfig to Normal startup so that the services and startup items you disabled are re-enabled.

This technology, Content Security Policy (CSP), helps protect users and developers from common cross-site scripting attacks found on the web.

In fact, CSP is enforced by default for every packaged app.

Because packaged apps have access to even more features than a web app, CSP disables some features that you might expect as a developer, such as inline scripts (click handlers and <script> tags with code inside) and the eval and new Function methods. We know that sometimes you need these features, so we've introduced a feature called "sandboxed pages".

These are pages in your app that can use all the features of the current web, such as eval, new Function and inline script tags, but importantly have no direct access to advanced packaged app features.

The third protection in apps is the permissions model.

Apps can't just use any feature they want.

The user needs to have granted access to this feature.

You can easily declare your app's intent by configuring the permissions that you need in the manifest file.

For example, you can declare that your app needs access to the user's video camera, or access to raw sockets.

Finally, another security measure is the <browser> tag for web content.

Imagine you are building an RSS feed reader that will show news articles in the app experience.

Adding web content directly is dangerous, as you have no control over what external authors are adding to their content.

However, the user experience demands that you show the content.

The <browser> tag is like an iframe in that it allows you to embed web content into your app from an external resource, but it is entirely isolated from your app.

This was just a quick overview of the security model for packaged apps.

And I'm here with Adim Nahid [sp], and we're excited to do another year of a great partnership between VMware and Trend Micro.

Over the last [xx] years our customers have been moving quickly to adopt cloud.

And security is top of mind for them, and I think the relationship has really helped to [xx] [xx] that adoption. Trend Micro has been able to deliver a lot of the security capabilities from an endpoint perspective and more within the context of the VMware environment.

Deep Security is a shield around our virtual [xx].

It does anti-malware, it does firewall, it does intrusion prevention, log inspection.

It's very easy to deploy and manage.

Deep Security allows companies to scale at a very rapid rate.

Without Deep Security virtual patching, we would not have been able to bring this project live.

Trying to have the in-depth knowledge of security in a virtual world, and in the cloud, that we needed.

Collecting this data is the core of your ability to track, audit, and correlate critical security events.

LEM supports data collection from hundreds of different devices out-of-the-box.

These devices and logs generate messages that include things like authentication, network and security activity, system changes, and more.

Correlation is an important feature of true SIEM tools, and LEM provides real-time event correlation as your events are collected.

Correlation rules can be as simple as "any logon failure" to the more complex "alert on logon failures to my servers from remote desktop." There are also time and frequency correlations like "alert me when you see 5 logon failures from the same IP address to my servers from remote desktop" and multiple-event correlations like "alert me when you see multiple logon failures followed by a successful logon from the same account."
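The two kinds of correlation rule just described (a threshold rule on failures from one source IP, and a sequence rule of failures followed by a success for one account), implemented as an added example in Python. This is illustrative code written for this page, not SolarWinds LEM's rule engine; the event tuple layout, the Windows event IDs used as labels (4625 failure, 4624 success, logon type 10 for RDP), the thresholds and the sample events are all constructed for the example.

```python
"""Added example: two SIEM-style correlation rules over constructed logon events.
Not LEM's own code; field layout, thresholds and events are made up for illustration."""
from collections import defaultdict, deque

# Constructed events: (seconds, event_id, account, src_ip, logon_type).
# 4625 = logon failure, 4624 = logon success; logon type 10 = RemoteInteractive (RDP).
EVENTS = [
    (0,  4625, "svc_backup", "203.0.113.9",  10),
    (5,  4625, "svc_backup", "203.0.113.9",  10),
    (9,  4625, "admin",      "203.0.113.9",  10),
    (14, 4625, "admin",      "203.0.113.9",  10),
    (20, 4625, "root",       "203.0.113.9",  10),   # 5th RDP failure from one IP in 20 s
    (30, 4625, "alice",      "198.51.100.7", 10),
    (33, 4625, "alice",      "198.51.100.7", 10),
    (36, 4625, "alice",      "198.51.100.7", 10),
    (40, 4624, "alice",      "198.51.100.7", 10),   # success after three failures
    (50, 4625, "bob",        "192.0.2.10",   2),    # console logons: not in the RDP rule
    (55, 4625, "bob",        "192.0.2.10",   2),
    (60, 4624, "bob",        "192.0.2.10",   2),    # only two failures first: no alert
]
RDP_LOGON_TYPE = 10   # only remote-desktop logons to our servers are in scope for rule 1


def correlate(events, ip_threshold=5, ip_window=60, fail_then_success_min=3, account_window=120):
    """Evaluate two rules in event-time order, as a real-time engine would:
      1. ip_threshold or more RDP logon failures from the same source IP within ip_window s.
      2. fail_then_success_min or more failures for an account, then a success for that
         account within account_window s (a guessing attempt that worked).
    Returns a list of (rule, key, timestamp) alerts."""
    alerts = []
    fails_by_ip = defaultdict(deque)     # src_ip  -> timestamps of recent RDP failures
    fails_by_acct = defaultdict(deque)   # account -> timestamps of recent failures
    for ts, event_id, account, src_ip, logon_type in sorted(events):
        if event_id == 4625:
            if logon_type == RDP_LOGON_TYPE:
                q = fails_by_ip[src_ip]
                q.append(ts)
                while q and ts - q[0] > ip_window:      # slide the window
                    q.popleft()
                if len(q) == ip_threshold:              # fire once, when the threshold is crossed
                    alerts.append(("rdp_failures_from_ip", src_ip, ts))
            q = fails_by_acct[account]
            q.append(ts)
            while q and ts - q[0] > account_window:
                q.popleft()
        elif event_id == 4624:
            q = fails_by_acct[account]
            while q and ts - q[0] > account_window:
                q.popleft()
            if len(q) >= fail_then_success_min:
                alerts.append(("failures_then_success", account, ts))
            q.clear()   # a success ends the sequence for this account
    return alerts


if __name__ == "__main__":
    for rule, key, ts in correlate(EVENTS):
        print(f"t={ts:3}s  {rule:22}  {key}")
```

The threshold rule fires exactly once when the fifth failure lands inside the window rather than on every subsequent failure, which is what you want if the alert is wired to an automatic response such as blocking the source IP.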

Beyond correlation, LEM has the ability to automate remediation steps with dozens of built-in active responses.

Within a correlation rule, or manually from your LEM console if you spot suspicious activity yourself, you can instantly perform actions like disabling a domain user account after repeated suspicious activity, removing a user from a privileged group like local admins, or blocking an attacking IP address.

Last but not least, compliance initiatives all but spell out that a SIEM system is critical in establishing and maintaining compliance with requirements like PCI, HIPAA, Sarbanes-Oxley and others, not to mention countless internal audit requirements.

LEM includes content categorized specifically for compliance, making it easy to find various rules and reports applicable to a range of industries.

To learn more or to download a fully-functional 30-day trial of LEM, go to www.

>>Tom Fitzpatrick: And the average person now uses three or more devices when they're out and about!

>>Tom Fitzpatrick: Unfortunately, though, they have also extended the necessary security perimeter beyond your office and out into the airport lounges and coffee shops of the world.

>>Tom Fitzpatrick: This, along with the Bring Your Own Device trend, is creating new and complex security challenges for administrators like you.

>>Tom Fitzpatrick: It gives you increased visibility and deeper security for mobile endpoints without the complexity of separate solutions.

>>Tom Fitzpatrick: The key features include support for both tablets and smartphones, MDM for the administrator, including over-the-air provisioning, and agent-based mobile security for the device.

>>Text: Mobile device management (MDM)

>>Tom Fitzpatrick: MDM allows administrators to securely configure and deploy smartphones and tablets in a similar way to PCs, laptops and other IT assets.

>>Tom Fitzpatrick: You can extend your wired security strategy and policies to your mobile devices, wherever they happen to be.

>>Tom Fitzpatrick: As the administrator, using our integrated console you can automate management and control tasks such as device configuration, software updates, and backup and restore.

>>Tom Fitzpatrick: You can define policies in a granular, flexible way, right down to the device itself.

>>Tom Fitzpatrick: For example, jailbroken or otherwise compromised devices can be blocked from your network, remotely locked, or even wiped.

>>Tom Fitzpatrick: You'll also receive a notification whenever one of these devices tries to connect, so you can track down rogue devices.

>>Tom Fitzpatrick: And with over-the-air provisioning, you can configure and control devices remotely, simply by sending a text message or an email.

>>Tom Fitzpatrick: From there, users are directed to a captive portal where your applications and your preconfigured settings are downloaded.

>>Tom Fitzpatrick: This means you don't have to physically handle the device to provision and control it.

>>Text: BYOD made easy

>>Tom Fitzpatrick: Because mobility and BYOD can create a gaping hole in your security posture, you should apply tough restrictions on all devices, including those that are employee owned.

>>Tom Fitzpatrick: One such technology that you should plan on implementing is containerization.

>>Tom Fitzpatrick: It's a simple solution that completely separates personal and business content on a device.

>>Tom Fitzpatrick: If the phone gets lost, the administrator can enable a remote lock or delete the business content.

>>Tom Fitzpatrick: This is important if the employee leaves the company and wishes to take their own device with them.

>>Tom Fitzpatrick: For additional security, Kaspersky makes it easy to enable the encryption of sensitive data within the container, which reduces the impact of a lost or stolen device.

>>Tom Fitzpatrick: And because our award-winning anti-malware technology sits at the core, you can rest assured that your devices are protected from an ever-growing number of mobile threats.

>>Tom Fitzpatrick: There are plenty of other features that Kaspersky Security for Mobile enables, such as GPS find, forced passwords, and SIM watch, which will notify you if a SIM card has been changed.

>>Tom Fitzpatrick: By simplifying and automating the secure configuration of multiple devices, you not only reduce your administrative burden, but you also support better mobile security practices.

>>Text: Kaspersky

>>Text: Get started now: Free 30 Day Trial

>>Text: Register at kas.

To see how a DNS cache poisoning attack works, consider a network where a stub resolver issues a query to its recursive resolver, and the recursive resolver in turn sends that A record query to the authoritative name server for that domain.

Now, in an ideal world, the authoritative name server for that domain would reply with the correct IP address.

If an attacker guesses that a recursive resolver might eventually need to issue a query for, say, www.google.com, the attacker can simply reply with multiple, specially crafted replies, each with a different ID.

Although this query has some query ID, the attacker doesn't need to see that query, because the attacker can simply flood the recursive resolver with a bunch of bogus replies and one of them, in this case the response with ID 3, will match.

As long as this bogus response reaches the recursive resolver before the legitimate response does, the recursive resolver will accept this bogus message.

And worse, it caches the bogus message.

And DNS, unfortunately, has no way to expunge a message once it has been cached.

So now this recursive resolver will continue to send bogus A record responses for any query for this particular domain name until that entry expires from the cache.

Now there are several defenses against DNS cache poisoning, and we've already seen one, which is the query ID.

But of course, the query ID can be guessed.

The next defense is to randomize the ID: rather than having a resolver send queries whose IDs increment in sequence, the resolver can pick a random ID.

This makes the ID tougher to guess, but still, the query ID is only 16 bits, which makes it possible for an attacker to flood the recursive resolver with many possible responses.

And it's likely that, with relatively few responses, one of these bogus responses will match the ID for the real query.

Due to the birthday paradox, achieving a collision between the query ID of a query and the ID of a forged response does not require sending all 65,536 (2^16) possible IDs. If the attacker can also get the resolver to issue many outstanding queries for the same name, each with its own ID, then a few hundred forged replies give a probability of success that is relatively close to one.

The success of a DNS cache poisoning attack depends not only on the ability to reply to a query with a correctly matching ID, but also on winning this race.

That is, the attacker must reply to that query before the legitimate authoritative name server replies.

If the attacker loses the race, then the attacker has to wait for that correct cached entry to expire before trying again. However, the attacker can generate his own DNS queries.

For example, he could query one.google.com, two.google.com, and so forth.

Each one of these bogus queries will generate a new race.

And eventually the attacker will win one of these races for an A record query.

But who cares? Nobody necessarily cares to own one.google.com, or google.com.

The attacker really wants to own the entire zone.

Well, the trick here is that instead of simply responding with A records in the bogus replies, the attacker can also respond with NS records for the entire zone of google.com.

So by creating one of these races using an A record query, and then responding not only with the A record but also with an authoritative NS record for the entire zone, the attacker can in fact own the entire zone.

This idea of generating a stream of A record queries to create a bunch of races, and then stuffing the A record responses for each of them with a bogus authoritative NS record for the entire zone, is what's called the Kaminsky attack, after Dan Kaminsky, who discovered the attack.

The defenses of picking a query ID and randomizing that ID help, but remember the randomization is only 16 bits, so let's think about other possible defenses.

In addition to the query ID and the randomization of that ID, the resolver can randomize the source port from which it sends the query, thereby adding up to another 16 bits of entropy to the identifier associated with the query.

Unfortunately, picking a random source port can be resource intensive, and a network address translator (NAT) can de-randomize the port.

Another defense is called 0x20 encoding, which is based on the observation that DNS name matching and resolution is entirely case insensitive.

So the capitalization of individual letters in the domain name does not affect the answer that the resolver will return.

This 0x20 bit, the bit that determines whether a particular ASCII letter is upper or lower case, can therefore be used to introduce additional entropy.

When generating a response to a query such as this one, the question is copied from the DNS query into the response exactly as it appeared in the query.

The mixed pattern of upper and lower case letters thus constitutes a channel.

If the resolver and the authoritative server can agree on a shared key, then the resolver and the authoritative server are the only ones who know the appropriate pattern of upper and lower case letters for a particular domain name.

Because an attacker would not know the appropriate combination of upper and lower case letters for a particular domain, it becomes even more difficult for the attacker to inject a bogus reply: not only would the attacker have to guess the ID, but the attacker would also have to guess the capitalization sequence for that particular domain name.
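As an added example, not part of the lecture and not real DNS code, the following Python model plays out the races described above against a toy recursive resolver, with sequential IDs, random IDs, random source ports and 0x20 encoding switched on in turn. The zone and name server names, the port numbers, the order in which replies arrive (the attacker's flood always beats the authoritative answer) and the attacker's guesses are all constructed for the illustration; the birthday calculation assumes the attacker can also get many queries for the same name in flight at once.

```python
"""Added example, not from the lecture: a toy in-process model of blind DNS cache
poisoning (the Kaminsky attack) against a recursive resolver, with the lecture's
defenses switched on one at a time. No real DNS traffic is sent; zone, server names
and port numbers are constructed."""
import random
from dataclasses import dataclass, field

ZONE = "example.com."            # constructed victim zone
LEGIT_NS = "ns1.example.com."    # constructed legitimate name server for ZONE
EVIL_NS = "ns.attacker.test."    # constructed attacker-controlled name server
FIXED_PORT = 53                  # old resolvers sent every query from one fixed port
EPHEMERAL = range(1024, 65536)   # port range used once source ports are randomised
ID_SPACE = 1 << 16               # the query ID is 16 bits: 65,536 values


def entropy_bits(random_txid, random_port, use_0x20, qname):
    """Bits an off-path attacker must guess before one forged reply is accepted."""
    bits = 16 if random_txid else 0          # the ID only counts if it is unpredictable
    bits += 16 if random_port else 0         # source port (fewer bits behind a NAT)
    if use_0x20:
        bits += sum(c.isalpha() for c in qname)   # one case bit per letter
    return bits


def flood_hit_probability(bits, forged_replies):
    """One race, one outstanding query, `forged_replies` distinct guesses."""
    return min(1.0, forged_replies / 2 ** bits)


def birthday_hit_probability(bits, outstanding_queries, forged_replies):
    """The lecture's birthday effect: with `outstanding_queries` queries for the same
    name in flight (each with its own ID), the chance that any of `forged_replies`
    random guesses hits any of them grows with the product of the two."""
    return 1.0 - (1.0 - outstanding_queries / 2 ** bits) ** forged_replies


def case_randomize(name, rng):
    """0x20 encoding: randomise the case bit of every letter; matching is case-insensitive."""
    return "".join(c.upper() if c.isalpha() and rng.getrandbits(1) else c.lower() for c in name)


@dataclass
class Resolver:
    random_txid: bool = False        # sequential IDs unless switched on
    random_port: bool = False
    use_0x20: bool = False
    rng: random.Random = field(default_factory=lambda: random.Random(0))
    next_txid: int = 0
    cache: dict = field(default_factory=dict)   # (name, type) -> rdata

    def send(self, qname):
        """Build the outgoing query; the off-path attacker never sees it."""
        txid = self.rng.getrandbits(16) if self.random_txid else self.next_txid
        self.next_txid = (self.next_txid + 1) % ID_SPACE
        port = self.rng.choice(EPHEMERAL) if self.random_port else FIXED_PORT
        wire = case_randomize(qname, self.rng) if self.use_0x20 else qname.lower()
        return {"txid": txid, "port": port, "qname": wire}

    def resolve(self, qname, forged_replies):
        """The first reply whose ID, port and echoed question all match is cached with
        every record it carries (including an NS record for the whole zone); the rest
        are dropped. The authoritative answer echoes the question exactly but, in this
        model, always arrives after the attacker's flood."""
        q = self.send(qname)
        legit = {**q, "from": "auth",
                 "records": {(qname, "A"): "198.51.100.10", (ZONE, "NS"): LEGIT_NS}}
        for r in forged_replies + [legit]:
            if (r["txid"], r["port"], r["qname"]) == (q["txid"], q["port"], q["qname"]):
                self.cache.update(r["records"])
                return r["from"]
        return None


def kaminsky_attack(resolver, flood_size, max_races):
    """Each race asks for a fresh name under ZONE (so no cached entry blocks it), then
    floods forged replies carrying an A record for that name plus a bogus NS record for
    the entire zone. Returns the winning race number, or None if every race is lost."""
    for race in range(1, max_races + 1):
        qname = f"r{race}.{ZONE}"
        forged = [{"txid": t, "port": FIXED_PORT, "qname": qname.lower(), "from": "attacker",
                   "records": {(qname, "A"): "203.0.113.7", (ZONE, "NS"): EVIL_NS}}
                  for t in range(min(flood_size, ID_SPACE))]
        if resolver.resolve(qname, forged) == "attacker":
            return race
    return None


if __name__ == "__main__":
    configs = [("sequential ID", {}),
               ("random ID", {"random_txid": True}),
               ("random ID + port", {"random_txid": True, "random_port": True}),
               ("ID + port + 0x20", {"random_txid": True, "random_port": True, "use_0x20": True})]
    for label, kw in configs:
        r = Resolver(**kw)
        won = kaminsky_attack(r, flood_size=500, max_races=50)
        bits = entropy_bits(r.random_txid, r.random_port, r.use_0x20, "www." + ZONE)
        print(f"{label:18} {bits:2d} bits  zone NS now {r.cache[(ZONE, 'NS')]}  (won race {won})")
```

With sequential IDs the first guess wins the first race; with random IDs a 500-reply flood wins about one race in 131, so the attacker simply keeps creating races with fresh names; once the source port is also random, the attacker's fixed-port guesses never match in this model, which is the point of the defense (a NAT that rewrites ports back to a predictable value would undo it).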

Let's talk about how to infer denial of service activity using a technique called backscatter.

The idea behind backscatter is that when an attacker spoofs a source IP address, say in a TCP SYN flood attack, the replies to that initial TCP SYN from the victim go to the spoofed source IP address.

These replies to forged attack messages are called "backscatter".

Now, the interesting thing about backscatter is this: if we can assume that the source IP addresses are selected by the attacker uniformly at random, and we set up a portion of the network where we can monitor this backscatter traffic coming back as SYN-ACK replies to forged source IP addresses, then the amount of traffic we see as backscatter represents a fraction that is proportional to the size of the overall attack.

So for example, if we monitor N IP addresses and see M backscatter packets, then those M packets should be N/2^32 of the total backscatter packets, and hence N/2^32 of the total attack rate.

If we want to compute the total attack rate, we simply invert this fraction.

So for example, in this case, if our telescope were a /8, or 2^24 IP addresses, we would simply multiply our observed attack rate x by 2^32 / 2^24, or 256.
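As an added example, not from the lecture, here is the telescope arithmetic applied to a constructed set of packet records (there is no real capture); the /8 telescope prefix, the victim addresses and the observation window are assumptions. It also makes explicit the filtering step the lecture leaves implicit: only unsolicited TCP replies (SYN-ACK or RST) landing in the telescope count as backscatter, not SYN probes from scanners, and the extrapolation is only as good as the assumption that the attacker's spoofed sources are uniform over the address space.

```python
"""Added example, not from the lecture: estimating the size of a spoofed-source SYN
flood from the backscatter that lands in a network telescope. Packet records and the
telescope prefix are constructed for illustration."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELESCOPE = ip_network("10.0.0.0/8")   # assumed unused /8 that we monitor (constructed)
IPV4_SPACE = 1 << 32

# Constructed records: (seconds, src, dst, tcp_flags). A SYN flood victim answers each
# spoofed SYN with a SYN-ACK (open port) or RST (closed port); those replies go wherever
# the spoofed source was, and 1/256 of uniformly spoofed sources fall inside our /8.
PACKETS = [
    (0.0, "198.51.100.5", "10.17.4.2",   "SA"),
    (0.4, "198.51.100.5", "10.200.1.9",  "SA"),
    (0.9, "198.51.100.5", "10.3.3.3",    "SA"),
    (1.5, "198.51.100.5", "10.99.0.1",   "SA"),
    (2.1, "198.51.100.5", "10.8.8.8",    "RA"),
    (2.8, "198.51.100.5", "10.77.6.5",   "SA"),
    (1.0, "192.0.2.44",   "10.1.2.3",    "S"),    # scanner probing the telescope: not backscatter
    (1.2, "198.51.100.5", "172.16.0.7",  "SA"),   # outside the telescope: never observed
    (2.0, "203.0.113.30", "10.5.5.5",    "SA"),   # a second, much smaller victim
]


def is_backscatter(pkt, telescope=TELESCOPE):
    """Unsolicited TCP replies (SYN-ACK or RST) arriving at addresses nobody uses."""
    _, _, dst, flags = pkt
    return ip_address(dst) in telescope and flags in ("SA", "RA", "R")


def scale_factor(telescope=TELESCOPE):
    """We see |telescope| / 2^32 of all replies, so scale by the inverse: 256 for a /8."""
    return IPV4_SPACE // telescope.num_addresses


def estimate_attacks(packets, window_seconds, telescope=TELESCOPE):
    """Per victim (the *source* of the backscatter): observed reply count and rate, and
    the extrapolated total attack rate, assuming spoofed sources are uniform over IPv4."""
    seen = defaultdict(int)
    for pkt in packets:
        if is_backscatter(pkt, telescope):
            seen[pkt[1]] += 1
    factor = scale_factor(telescope)
    return {victim: {"observed": n,
                     "observed_pps": n / window_seconds,
                     "estimated_attack_pps": n / window_seconds * factor}
            for victim, n in seen.items()}


if __name__ == "__main__":
    for victim, est in estimate_attacks(PACKETS, window_seconds=3.0).items():
        print(f"{victim:15} observed {est['observed']} replies in 3 s -> "
              f"~{est['estimated_attack_pps']:.0f} SYN/s aimed at the victim")
```

Six replies in three seconds inside a /8 extrapolate to roughly 512 SYN/s against 198.51.100.5; a single reply from 203.0.113.30 extrapolates the same way but with far more uncertainty, which is why real telescope studies report counts over long windows and discard events below a minimum packet count.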